980ddf7...
by
"Dmitry V. Levin" <email address hidden>
pam_canonicalize_user: add a test for return values
* modules/pam_canonicalize_user/tst-pam_canonicalize_user-retval.c: New
file.
* modules/pam_canonicalize_user/Makefile.am (TESTS): Add
$(check_PROGRAMS).
(check_PROGRAMS, tst_pam_canonicalize_user_retval_LDADD): New variables.
2cae0f5...
by
"Dmitry V. Levin" <email address hidden>
pam_canonicalize_user: new module to canonicalize user name
This module uses the name of the user obtained via pam_get_user(3)
as a key to query the password database, and replaces PAM_USER
with the pw_name value that has been returned.
The main usage scenario is systems where a user name is used in several
distinct authentication systems, some of them being case sensitive while
others are not.
* configure.ac (AC_CONFIG_FILES): Add
modules/pam_canonicalize_user/Makefile.
* doc/sag/pam_canonicalize_user.xml: New file.
* doc/sag/Linux-PAM_SAG.xml: Add a reference to
pam_canonicalize_user.xml.
* modules/Makefile.am (SUBDIRS): Add pam_canonicalize_user.
* modules/pam_canonicalize_user/Makefile.am: New file.
* modules/pam_canonicalize_user/README.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.8.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.c: New file.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user: New file.
6a4bf99...
by
"Dmitry V. Levin" <email address hidden>
libpam: fix _pam_mkargv return value on error path
* libpam/pam_misc.c (_pam_mkargv): Return 0 in case of memory allocation
failure.
d686b51...
by
Benny Baumann <email address hidden>
libpam: avoid infinite recursion with includes
When there's a loop of configuration files consisting solely of includes
the recursion depth level is never incremented and thus no upper limit is
enforced. This leads to a crash caused by a stack overflow.
This patch updates the logic to track both the number of includes as well
as the number of substacks we are on; ultimately adding a new parameter
to track this information.
e8bda3c...
by
"Dmitry V. Levin" <email address hidden>
ci: add --enable-debug jobs to the ci matrix
ea5722f...
by
Benny Baumann <email address hidden>
libpam: mark debug output functions as potentially unused
Marking the functions _pam_output_debug and _pam_output_debug_info as
potentially unused reduces the noise when compiling in debug mode.
The warning is produced whenever _pam_macros.h is included, but no
debug output is produced by the module. Just marking the function
as static inline, which would have a similar effect, does not work
for various reasons and instead produces new issues instead.
Thus silencing this warning by telling the compiler about our intentions
with these functions is the better approach.
a3cef68...
by
Benny Baumann <email address hidden>
libpam: mark _pam_output_debug as printf-style function
Marking _pam_output_debug as printf-style function allows the compiler to
check for potential errors at places where this function is called, like
mismatches in the argument types or insufficient number of arguments.
e5e0985...
by
Benny Baumann <email address hidden>
pam_unix: avoid integer truncation in debug output
When printing the current day and when the password was last changed,
a truncation of the value could happen due to incorrect data types used
in the format string.